Windows Defender Can Run in a Secure Sandbox to Keep PC Safe

Windows Defender Can Run in Sandbox

It is not a good idea to use a computer without a piece of antivirus software. That’s why Windows Defender is as a core feature in Windows 10.

Without a doubt, Defender and some third-party applications like it provide an important layer of protection against some threats like ransomware. However, you may not know that they can bring new security risks. Thus, Microsoft is adding a sandbox mode to Windows Defender.

Sandbox

Sandboxing is a security mechanism that can keep its activities isolated from the rest of the software installed on your PC. Namely, it works by separating a process in a tightly controlled area of the system that gives the process access to limited disk and memory resources.

It is not a new thing to use the sandbox. You may already be using an app that runs in a sandbox, for example, Google Chrome has been sandboxed since 2008.

One of the most complex pieces of exploitation malware is a sandbox escape. Even if hackers find an exploit of the program, they still have to figure out the sandbox. Without the escape, there is no way to directly attack the Windows operating system.

Microsoft Windows Defender

Some security researchers have previously identified ways that attackers can take full use of Windows Defender vulnerabilities that can enable arbitrary code execution. Soon afterwards, Microsoft starts working on porting Windows Defender to a sandbox environment.

Among these researchers, the most infamous Windows remote code execution flaw is “crazy bad” , found by Google’s Tavis Ormandy, prominent vulnerability hunter.

During many of his bug reports, he has recommended Microsoft to move Windows Defender to a sandbox and prevent attackers from using it to take over Windows computers.

Since Windows Defender and all antivirus programs can automatically scan all incoming files and data streams like IM messages, emails and newly downloaded files, this type of attack is possible.

When scanning these files for viruses, if the malformed code is included in the file, the automatic scan also ensures malicious code is executed as soon as it reaches a computer with system-level privileges.

If Windows Defender or any antivirus tool is vulnerable, the attack will be devastating, allowing attackers to fully control targeted computers.

By now, Microsoft hasn’t seen any such attacks against Windows Defender. And this company opts to add Windows Defender to the sandbox, and won’t take any risks of users safety.

In a blog post, Microsoft says “We’re in the process of gradually enabling this capability for Windows insiders and continuously analyzing feedback to refine the implementation“.

How to Enable Window Defender in Sandbox

If you are running the latest preview build of Windows 10, now it is allowed to access the initial version of sandbox-enabled Defender. If you can’t wait until Microsoft finishes testing the feature, you can also enable it.

To enable it, follow these steps:

Step 1: Type cmd in the searching box, right-click this tool in the result and choose Run as Administrator option.

Step 2:  Type this command setx /M MP_FORCE_USE_SANDBOX 1 and hit Enter key to wait for validation.

After that, restart your PC.